last executing test programs:

2.814113913s ago: executing program 1 (id=2):
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100001d9167204f17316a3f26010203010902120001000000000904"], 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_ep_write(0xffffffffffffffff, 0x8, 0x0, 0x0)

671.084266ms ago: executing program 0 (id=5):
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000030c0), 0x200, 0x0)
preadv(r0, &(0x7f0000004300)=[{&(0x7f0000003100)=""/249, 0xf9}, {&(0x7f0000003200)=""/124, 0x7c}, {&(0x7f0000003280)=""/112, 0x70}, {&(0x7f0000003300)=""/4096, 0x1000}], 0x4, 0x2, 0x800)

566.254508ms ago: executing program 0 (id=6):
r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000000200000014000200626f6e645100000000000000000000000900010073797a300000000009000300"], 0x43}}, 0x0)

439.187774ms ago: executing program 0 (id=7):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x10b})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000540)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000800)={@fda={0x66646185, 0x8, 0x2, 0x3b}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff}, @fda={0x66646185, 0x9, 0x1}}, &(0x7f0000000240)={0x0, 0x20, 0x48}}, 0x1000}], 0x0, 0x0, 0x0})

319.11776ms ago: executing program 0 (id=8):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x5, 0xe4340000, 0x0, {0x2}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x4c}}, 0x2)

109.817166ms ago: executing program 0 (id=9):
r0 = syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000180)={'#! ', './file1/../file0', [{0x20, '1\x01\x9e\x00\x00\xf6\xb2\xa1\xec\x13\vi\x06\x05cZe\x87\xf6\xbaj\x85+\xbc\xf8T\xc7a\xf0\xe3?\x01\x83\f\x0e\xac\xec8\x8e\x8b\xce\xe6\xc1\xda\xf1\xb6\xfe\xb5D\xf1\xea^\\}]s}\xe4zB|\xd9>.TF\xd3g\x90\xafa\x13\xeb\xbbN\xb7i\v\x82\x02\xfb\x95\f\xe8J\xef\xee\xaf\xea\xf3]<\xd9\xa5\x02\n\xaa\xe2\xcdZ\xda\x85\xdd*\x13\x0e&.\x1a\xaf\"\x11\x97zS\xbc\xaan~/U\xe0>\xfc\x17S\x9b\xf5\xf7\xdb\xbeH\xc2\v\xa3r\a\xdaC\xc9\xee{\xa3\xd2IL\xe4\")\xd9s9Y&UiO\xcd\xf4\xd3>\xd2\x98\x8d\x1d~\xd3}\x90\xb3i=\xfd-\x7f\xb9Jdq(\xd8\xfe\x9cu\x12\xe9\x15y \x91\xc2\xcfN\xc0\x9c\xbb8x#\xc8L\xbcd\x00'/217}, {0x20, '\x1b_G\x86~)\x18\x95\x96\xb9\xff\xa4W\xf4]\xea\xa8\xeb;\n:\x19\xb0\xb5Fn\xae\xbc\x047/\x1d\xe6,b%\xff_W\x1f\xc2\x0ex\xe5\xdd0\xd0\x11\xc4\xfc\x13\xa7\x1du\xa4\xc8_7Rv\x1e\x02\xff\x1ammKW\xc50\x80F$\x9cXV\xe6c\xb6\xc0\xf3\x17\x93\xe1a_\xde~\xeb\xdf\xfa\x8e\x92\xd7\x89\a#\v\x1a\xe1T'}, {0x20, 'D\xd4 ,xq\x92z\x12\xf3q`\xf2\x9f\x04\xca\xdf\x1bpL\xea\xd3\x7f6t8\xc9\xb8\xdc\x1b?s\xaf\a\xf3\x97\xac\xa33\xec0\xdfh\xd7\x00\x04E7\x1f/R\xc4\xb1g\xadt\xd3\xb3\xc7J\x15\xe7\r\xee\x99\xd7+\x9a\xafi\t\x19\xc3\x10\xb2Y\xba\xc5O\xca\'\xf4/\xde\v\x04Pzi\x8c(\x84K\x1f\xf9s\xc6\x9d\x92\xca\xac\xbd\xc6\x82\xc8W\x06\xcdC\x9c\xd4=r\a\x90\x87Y\xe15\x11hW\x8d!\xbb\xeb\xfee\xe5+\xc2\x01\x85\xe5\x8b=\xf2y`\x1c\x98\xec$\xdd\xef\x06>\xedd\xa74\x87uvJ\x96\x1b\xcce\x10\xc1\xac\xbfag/\xf9FM\xa7dN\v\xc7x\x02\x92_\xb8'}]}, 0x208)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000480)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8, 0x10000000000, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc5e3e06e00d96072081000000000000002000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a03c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6, 0x200000000]}})

0s ago: executing program 0 (id=10):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'8255\x00', [0x404f26, 0x5, 0x2, 0x401, 0xc, 0xcc7, 0xfff, 0x5c95239c, 0x5, 0x3bf, 0x802, 0x1600, 0x1, 0x20000001, 0x9, 0xe1cb, 0x6, 0x4, 0x3fe, 0x195, 0x6, 0x0, 0xb, 0x402, 0x9, 0x3, 0x40, 0x5, 0x4, 0x8000003, 0xdffffffa]})

kernel console output (not intermixed with test programs):

[   49.533238][   T29] audit: type=1400 audit(49.460:56): avc:  denied  { read write } for  pid=3092 comm="sftp-server" name="null" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   49.533789][   T29] audit: type=1400 audit(49.460:57): avc:  denied  { open } for  pid=3092 comm="sftp-server" path="/dev/null" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
Warning: Permanently added '[localhost]:18096' (ED25519) to the list of known hosts.
[   64.466053][   T29] audit: type=1400 audit(64.390:58): avc:  denied  { name_bind } for  pid=3095 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[   65.373385][   T29] audit: type=1400 audit(65.300:59): avc:  denied  { execute } for  pid=3096 comm="sh" name="syz-executor" dev="vda" ino=805 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[   65.404971][   T29] audit: type=1400 audit(65.330:60): avc:  denied  { execute_no_trans } for  pid=3096 comm="sh" path="/syz-executor" dev="vda" ino=805 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[   68.838869][   T29] audit: type=1400 audit(68.760:61): avc:  denied  { mounton } for  pid=3096 comm="syz-executor" path="/syzcgroup/unified" dev="vda" ino=806 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   68.844156][   T29] audit: type=1400 audit(68.770:62): avc:  denied  { mount } for  pid=3096 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   68.864229][ T3096] cgroup: Unknown subsys name 'net'
[   68.872453][   T29] audit: type=1400 audit(68.800:63): avc:  denied  { unmount } for  pid=3096 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   69.028780][ T3096] cgroup: Unknown subsys name 'cpuset'
[   69.035471][ T3096] cgroup: Unknown subsys name 'hugetlb'
[   69.036437][ T3096] cgroup: Unknown subsys name 'rlimit'
[   69.256808][   T29] audit: type=1400 audit(69.180:64): avc:  denied  { setattr } for  pid=3096 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=692 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   69.260624][   T29] audit: type=1400 audit(69.180:65): avc:  denied  { mounton } for  pid=3096 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   69.262911][   T29] audit: type=1400 audit(69.190:66): avc:  denied  { mount } for  pid=3096 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   69.457669][ T3098] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   69.460804][   T29] audit: type=1400 audit(69.390:67): avc:  denied  { relabelto } for  pid=3098 comm="mkswap" name="swap-file" dev="vda" ino=809 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
Setting up swapspace version 1, size = 127995904 bytes
[   69.497475][   T29] kauditd_printk_skb: 1 callbacks suppressed
[   69.497847][   T29] audit: type=1400 audit(69.420:69): avc:  denied  { read } for  pid=3096 comm="syz-executor" name="swap-file" dev="vda" ino=809 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   69.502102][   T29] audit: type=1400 audit(69.420:70): avc:  denied  { open } for  pid=3096 comm="syz-executor" path="/swap-file" dev="vda" ino=809 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   77.141565][ T3096] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   79.092946][   T29] audit: type=1400 audit(79.020:71): avc:  denied  { execmem } for  pid=3099 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   79.170542][   T29] audit: type=1400 audit(79.090:72): avc:  denied  { read } for  pid=3101 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   79.179662][   T29] audit: type=1400 audit(79.100:73): avc:  denied  { open } for  pid=3101 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   79.188532][   T29] audit: type=1400 audit(79.110:74): avc:  denied  { mounton } for  pid=3101 comm="syz-executor" path="/" dev="vda" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   79.218344][   T29] audit: type=1400 audit(79.140:75): avc:  denied  { module_request } for  pid=3101 comm="syz-executor" kmod="netdev-nr0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   79.219635][   T29] audit: type=1400 audit(79.140:76): avc:  denied  { module_request } for  pid=3102 comm="syz-executor" kmod="netdev-nr1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   79.272515][   T29] audit: type=1400 audit(79.200:77): avc:  denied  { sys_module } for  pid=3101 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[   79.662470][   T29] audit: type=1400 audit(79.590:78): avc:  denied  { ioctl } for  pid=3101 comm="syz-executor" path="/dev/net/tun" dev="devtmpfs" ino=676 ioctlcmd=0x54ca scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   80.688065][ T3101] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   80.728632][ T3101] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   81.168230][ T3102] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   81.197168][ T3102] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   81.699590][ T3101] hsr_slave_0: entered promiscuous mode
[   81.703951][ T3101] hsr_slave_1: entered promiscuous mode
[   82.201525][   T29] audit: type=1400 audit(82.120:79): avc:  denied  { create } for  pid=3101 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   82.203336][   T29] audit: type=1400 audit(82.130:80): avc:  denied  { write } for  pid=3101 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   82.213769][ T3102] hsr_slave_0: entered promiscuous mode
[   82.217178][ T3102] hsr_slave_1: entered promiscuous mode
[   82.223577][ T3102] debugfs: 'hsr0' already exists in 'hsr'
[   82.226035][ T3102] Cannot create hsr debugfs directory
[   82.233940][ T3101] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   82.267701][ T3101] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   82.279265][ T3101] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   82.292534][ T3101] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   82.632319][ T3102] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   82.643545][ T3102] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   82.652600][ T3102] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   82.658360][ T3102] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   83.253159][ T3101] 8021q: adding VLAN 0 to HW filter on device bond0
[   83.451324][ T3102] 8021q: adding VLAN 0 to HW filter on device bond0
[   85.932667][ T3102] veth0_vlan: entered promiscuous mode
[   85.947155][ T3102] veth1_vlan: entered promiscuous mode
[   86.013662][ T3102] veth0_macvtap: entered promiscuous mode
[   86.023816][ T3102] veth1_macvtap: entered promiscuous mode
[   86.093281][ T1388] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   86.093975][ T1388] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   86.094034][ T1388] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   86.094067][ T1388] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   86.257281][   T29] kauditd_printk_skb: 1 callbacks suppressed
[   86.258944][   T29] audit: type=1400 audit(86.180:82): avc:  denied  { mount } for  pid=3102 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[   86.270560][   T29] audit: type=1400 audit(86.190:83): avc:  denied  { mounton } for  pid=3102 comm="syz-executor" path="/syzkaller.QblPqI/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   86.291376][   T29] audit: type=1400 audit(86.210:84): avc:  denied  { mount } for  pid=3102 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   86.313755][ T3101] veth0_vlan: entered promiscuous mode
[   86.322500][   T29] audit: type=1400 audit(86.250:85): avc:  denied  { mounton } for  pid=3102 comm="syz-executor" path="/syzkaller.QblPqI/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[   86.337632][   T29] audit: type=1400 audit(86.260:86): avc:  denied  { mounton } for  pid=3102 comm="syz-executor" path="/syzkaller.QblPqI/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=2167 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[   86.339369][ T3101] veth1_vlan: entered promiscuous mode
[   86.368544][   T29] audit: type=1400 audit(86.290:87): avc:  denied  { unmount } for  pid=3102 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   86.404623][   T29] audit: type=1400 audit(86.330:88): avc:  denied  { mounton } for  pid=3102 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=771 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[   86.406505][   T29] audit: type=1400 audit(86.330:89): avc:  denied  { mount } for  pid=3102 comm="syz-executor" name="/" dev="gadgetfs" ino=3218 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[   86.422801][   T29] audit: type=1400 audit(86.350:90): avc:  denied  { mount } for  pid=3102 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[   86.426201][   T29] audit: type=1400 audit(86.350:91): avc:  denied  { mounton } for  pid=3102 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[   86.431443][ T3101] veth0_macvtap: entered promiscuous mode
[   86.449272][ T3101] veth1_macvtap: entered promiscuous mode
[   86.505638][ T3102] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   86.569071][   T55] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   86.576858][   T55] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   86.578065][   T55] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   86.579107][   T55] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   87.383220][   T10] usb 1-1: new low-speed USB device number 2 using dummy_hcd
[   87.410606][ T1813] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[   87.555088][   T10] usb 1-1: too many endpoints for config 0 interface 0 altsetting 250: 255, using maximum allowed: 30
[   87.555615][   T10] usb 1-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[   87.561406][   T10] usb 1-1: config 0 interface 0 has no altsetting 0
[   87.561722][   T10] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00
[   87.561778][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   87.568546][   T10] usb 1-1: config 0 descriptor??
[   87.687233][ T1813] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[   87.691349][ T1813] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   87.693641][ T1813] usb 2-1: Product: syz
[   87.694926][ T1813] usb 2-1: Manufacturer: syz
[   87.696105][ T1813] usb 2-1: SerialNumber: syz
[   87.706601][ T1813] usb 2-1: config 0 descriptor??
[   88.106574][   T10] koneplus 0003:1E7D:2E22.0001: hidraw0: USB HID vf4.f6 Device [HID 1e7d:2e22] on usb-dummy_hcd.0-1/input0
[   88.298791][ T3708] usb 1-1: USB disconnect, device number 2
[   89.457248][ T3758] comedi comedi3: 8255: I/O port conflict (0x404f26,4)
[   89.459172][ T3758] 8<--- cut here ---
[   89.459361][ T3758] Unable to handle kernel paging request at virtual address fee00008 when write
[   89.459511][ T3758] [fee00008] *pgd=80000080007003, *pmd=00000000
[   89.462179][ T3758] Internal error: Oops: a06 [#1] SMP ARM
[   89.467427][ T3758] Modules linked in:
[   89.468522][ T3758] CPU: 1 UID: 0 PID: 3758 Comm: syz.0.10 Not tainted syzkaller #0 PREEMPT 
[   89.469142][ T3758] Hardware name: ARM-Versatile Express
[   89.469618][ T3758] PC is at subdev_8255_io+0x60/0x6c
[   89.471103][ T3758] LR is at subdev_8255_io+0x4c/0x6c
[   89.471391][ T3758] pc : [<813e03a8>]    lr : [<813e0394>]    psr: 60000013
[   89.471795][ T3758] sp : dfdb5cb8  ip : dfdb5cb8  fp : dfdb5cd4
[   89.472044][ T3758] r10: 00000001  r9 : 00000000  r8 : 00000084
[   89.472355][ T3758] r7 : 00000005  r6 : 0000009b  r5 : 841b9480  r4 : 00000008
[   89.472679][ T3758] r3 : 0000009b  r2 : fee00008  r1 : 00000001  r0 : 841b9480
[   89.473059][ T3758] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[   89.473381][ T3758] Control: 30c5387d  Table: 857dc140  DAC: 00000000
[   89.473687][ T3758] Register r0 information: slab kmalloc-192 start 841b9480 pointer offset 0 size 192
[   89.475145][ T3758] Register r1 information: non-paged memory
[   89.475899][ T3758] Register r2 information: 0-page vmalloc region starting at 0xfee00000 allocated at pci_reserve_io+0x0/0x38
[   89.476735][ T3758] Register r3 information: non-paged memory
[   89.477022][ T3758] Register r4 information: non-paged memory
[   89.477289][ T3758] Register r5 information: slab kmalloc-192 start 841b9480 pointer offset 0 size 192
[   89.477714][ T3758] Register r6 information: non-paged memory
[   89.478047][ T3758] Register r7 information: non-paged memory
[   89.478329][ T3758] Register r8 information: non-paged memory
[   89.478562][ T3758] Register r9 information: NULL pointer
[   89.479907][ T3758] Register r10 information: non-paged memory
[   89.480372][ T3758] Register r11 information: 2-page vmalloc region starting at 0xdfdb4000 allocated at kernel_clone+0xac/0x3ec
[   89.481343][ T3758] Register r12 information: 2-page vmalloc region starting at 0xdfdb4000 allocated at kernel_clone+0xac/0x3ec
[   89.481961][ T3758] Process syz.0.10 (pid: 3758, stack limit = 0xdfdb4000)
[   89.482544][ T3758] Stack: (0xdfdb5cb8 to 0xdfdb6000)
[   89.483015][ T3758] 5ca0:                                                       813e0348 841b9480
[   89.483368][ T3758] 5cc0: 00000005 00000005 dfdb5cf4 dfdb5cd8 813e0080 813e0354 00000005 8050dd18
[   89.483713][ T3758] 5ce0: 856ed084 856ed084 dfdb5d14 dfdb5cf8 813e0440 813e0034 856ed084 841b9480
[   89.484079][ T3758] 5d00: dfdb5da8 00000005 dfdb5d54 dfdb5d18 813e0634 813e03c0 82af1fe0 840bce80
[   89.484492][ T3758] 5d20: 828216f0 00000000 00000000 829d224c 841b9480 841b94c4 dfdb5d90 841b9480
[   89.484831][ T3758] 5d40: 00000000 82b258f8 dfdb5d8c dfdb5d58 813cf580 813e0584 200000c0 00000000
[   89.485196][ T3758] 5d60: dfdb5d7c 200000c0 841b9480 b5403587 200000c0 83b12400 40946400 00000003
[   89.485689][ T3758] 5d80: dfdb5e4c dfdb5d90 813cb0d8 813cf484 35353238 00000000 00000000 00000000
[   89.486046][ T3758] 5da0: 00000000 00404f26 00000005 00000002 00000401 0000000c 00000cc7 00000fff
[   89.486369][ T3758] 5dc0: 5c95239c 00000005 000003bf 00000802 00001600 00000001 20000001 00000009
[   89.486702][ T3758] 5de0: 0000e1cb 00000006 00000004 000003fe 00000195 00000006 00000000 0000000b
[   89.487018][ T3758] 5e00: 00000402 00000009 00000003 00000040 00000005 00000004 08000003 dffffffa
[   89.487343][ T3758] 5e20: 00000000 87e9e07e 00000000 85526900 841b9480 200000c0 200000c0 83b12400
[   89.487881][ T3758] 5e40: dfdb5f14 dfdb5e50 813cc0a4 813cafe4 00000000 00000000 00000000 87e9e07e
[   89.488404][ T3758] 5e60: 00000000 00000000 8249b5e4 0000005f 840d6640 841b94b0 841f7cb4 83b12400
[   89.488749][ T3758] 5e80: dfdb5ee4 dfdb5e90 807ad8f8 807a3e1c 00000064 00000001 00000000 dfdb5eac
[   89.489301][ T3758] 5ea0: 8565f0d0 834f53b8 00006400 0000000b dfdb5ea0 00000000 00000000 87e9e07e
[   89.489700][ T3758] 5ec0: 85526900 40946400 200000c0 200000c0 85526900 00000003 dfdb5ef4 dfdb5ee8
[   89.490293][ T3758] 5ee0: 807ada18 87e9e07e dfdb5f14 40946400 00000000 85526901 200000c0 85526900
[   89.490784][ T3758] 5f00: 00000003 83b12400 dfdb5fa4 dfdb5f18 8057da6c 813cbad4 ecac8b10 83b12400
[   89.491148][ T3758] 5f20: dfdb5f3c dfdb5f30 81a68b84 81a68a54 dfdb5f54 dfdb5f40 8025b5c8 8028dcd4
[   89.491513][ T3758] 5f40: dfdb5fb0 40000000 dfdb5f84 dfdb5f58 802219ec 8025b584 00000000 8281d0bc
[   89.491901][ T3758] 5f60: dfdb5fb0 0014c880 ecac8b10 80221940 00000000 87e9e07e dfdb5fac 00000000
[   89.492251][ T3758] 5f80: 00000000 00316310 00000036 8020029c 83b12400 00000036 00000000 dfdb5fa8
[   89.492753][ T3758] 5fa0: 80200060 8057d948 00000000 00000000 00000003 40946400 200000c0 00000000
[   89.493177][ T3758] 5fc0: 00000000 00000000 00316310 00000036 00300000 00000000 00006364 76f390bc
[   89.493533][ T3758] 5fe0: 76f38ec0 76f38eb0 0001929c 00132320 60000010 00000003 00000000 00000000
[   89.493973][ T3758] Call trace: 
[   89.494418][ T3758] [<813e0348>] (subdev_8255_io) from [<813e0080>] (subdev_8255_do_config+0x58/0x60)
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[   89.495431][ T3758]  r7:00000005 r6:00000005 r5:841b9480 r4:813e0348
[   89.495779][ T3758] [<813e0028>] (subdev_8255_do_config) from [<813e0440>] (subdev_8255_io_init+0x8c/0x9c)
[   89.496236][ T3758]  r4:856ed084
[   89.496510][ T3758] [<813e03b4>] (subdev_8255_io_init) from [<813e0634>] (dev_8255_attach+0xbc/0x114)
[   89.496883][ T3758]  r7:00000005 r6:dfdb5da8 r5:841b9480 r4:856ed084
[   89.497218][ T3758] [<813e0578>] (dev_8255_attach) from [<813cf580>] (comedi_device_attach+0x108/0x250)
[   89.497725][ T3758]  r10:82b258f8 r9:00000000 r8:841b9480 r7:dfdb5d90 r6:841b94c4 r5:841b9480
[   89.498186][ T3758]  r4:829d224c
[   89.498354][ T3758] [<813cf478>] (comedi_device_attach) from [<813cb0d8>] (do_devconfig_ioctl+0x100/0x220)
[   89.499043][ T3758]  r10:00000003 r9:40946400 r8:83b12400 r7:200000c0 r6:b5403587 r5:841b9480
[   89.499486][ T3758]  r4:200000c0
[   89.499767][ T3758] [<813cafd8>] (do_devconfig_ioctl) from [<813cc0a4>] (comedi_unlocked_ioctl+0x5dc/0x1c50)
[   89.500317][ T3758]  r8:83b12400 r7:200000c0 r6:200000c0 r5:841b9480 r4:85526900
[   89.500912][ T3758] [<813cbac8>] (comedi_unlocked_ioctl) from [<8057da6c>] (sys_ioctl+0x130/0xba0)
[   89.501331][ T3758]  r10:83b12400 r9:00000003 r8:85526900 r7:200000c0 r6:85526901 r5:00000000
[   89.501696][ T3758]  r4:40946400
[   89.502130][ T3758] [<8057d93c>] (sys_ioctl) from [<80200060>] (ret_fast_syscall+0x0/0x1c)
[   89.502800][ T3758] Exception stack(0xdfdb5fa8 to 0xdfdb5ff0)
[   89.503164][ T3758] 5fa0:                   00000000 00000000 00000003 40946400 200000c0 00000000
[   89.503490][ T3758] 5fc0: 00000000 00000000 00316310 00000036 00300000 00000000 00006364 76f390bc
[   89.503915][ T3758] 5fe0: 76f38ec0 76f38eb0 0001929c 00132320
[   89.504302][ T3758]  r10:00000036 r9:83b12400 r8:8020029c r7:00000036 r6:00316310 r5:00000000
[   89.504744][ T3758]  r4:00000000
[   89.505205][ T3758] Code: e6ef3076 e0842002 e7f32052 e2422612 (e5c23000) 
[   89.505892][ T3758] ---[ end trace 0000000000000000 ]---
[   89.506712][ T3758] Kernel panic - not syncing: Fatal exception
[   89.511319][ T3758] Rebooting in 86400 seconds..

VM DIAGNOSIS:
09:47:05  Registers:
info registers vcpu 0

CPU#0
R00=00000000 R01=00000000 R02=00000004 R03=81a693b8
R04=00000006 R05=828f7ec8 R06=00000000 R07=828f7ec0
R08=83213000 R09=00000028 R10=828f7ec8 R11=df855d7c
R12=df855d80 R13=df855d70 R14=8033f41c R15=81a693c8
PSR=60000093 -ZC- A S svc32
s00=00000000 s01=00000000 d00=0000000000000000
s02=00000000 s03=00000000 d01=0000000000000000
s04=00000000 s05=00000000 d02=0000000000000000
s06=00000000 s07=00000000 d03=0000000000000000
s08=00000000 s09=00000000 d04=0000000000000000
s10=00000000 s11=00000000 d05=0000000000000000
s12=00000000 s13=00000000 d06=0000000000000000
s14=00000000 s15=00000000 d07=0000000000000000
s16=00000000 s17=00000000 d08=0000000000000000
s18=00000000 s19=00000000 d09=0000000000000000
s20=00000000 s21=00000000 d10=0000000000000000
s22=00000000 s23=00000000 d11=0000000000000000
s24=00000000 s25=00000000 d12=0000000000000000
s26=00000000 s27=00000000 d13=0000000000000000
s28=00000000 s29=00000000 d14=0000000000000000
s30=00000000 s31=00000000 d15=0000000000000000
s32=00000000 s33=00000000 d16=0000000000000000
s34=00000000 s35=00000000 d17=0000000000000000
s36=00000000 s37=00000000 d18=0000000000000000
s38=00000000 s39=00000000 d19=0000000000000000
s40=00000000 s41=00000000 d20=0000000000000000
s42=00000000 s43=00000000 d21=0000000000000000
s44=00000000 s45=00000000 d22=0000000000000000
s46=00000000 s47=00000000 d23=0000000000000000
s48=00000000 s49=00000000 d24=0000000000000000
s50=00000000 s51=00000000 d25=0000000000000000
s52=00000000 s53=00000000 d26=0000000000000000
s54=00000000 s55=00000000 d27=0000000000000000
s56=00000000 s57=00000000 d28=0000000000000000
s58=00000000 s59=00000000 d29=0000000000000000
s60=00000000 s61=00000000 d30=0000000000000000
s62=00000000 s63=00000000 d31=0000000000000000
FPSCR: 00000000
info registers vcpu 1

CPU#1
R00=00000001 R01=00000001 R02=00000002 R03=00000052
R04=dfdb5a38 R05=00000000 R06=82959318 R07=00000001
R08=828271a0 R09=00000000 R10=0000038a R11=dfdb5a34
R12=dfdb59b0 R13=dfdb59d8 R14=81a68b64 R15=802e4bdc
PSR=60000193 -ZC- A S svc32
s00=00000000 s01=00000000 d00=0000000000000000
s02=00000000 s03=00000000 d01=0000000000000000
s04=00000000 s05=00000000 d02=0000000000000000
s06=00000000 s07=00000000 d03=0000000000000000
s08=00000000 s09=00000000 d04=0000000000000000
s10=00000000 s11=00000000 d05=0000000000000000
s12=00000000 s13=00000000 d06=0000000000000000
s14=00000000 s15=00000000 d07=0000000000000000
s16=00000000 s17=00000000 d08=0000000000000000
s18=00000000 s19=00000000 d09=0000000000000000
s20=00000000 s21=00000000 d10=0000000000000000
s22=00000000 s23=00000000 d11=0000000000000000
s24=00000000 s25=00000000 d12=0000000000000000
s26=00000000 s27=00000000 d13=0000000000000000
s28=00000000 s29=00000000 d14=0000000000000000
s30=00000000 s31=00000000 d15=0000000000000000
s32=00000000 s33=00000000 d16=0000000000000000
s34=00000000 s35=00000000 d17=0000000000000000
s36=00000000 s37=00000000 d18=0000000000000000
s38=00000000 s39=00000000 d19=0000000000000000
s40=00000000 s41=00000000 d20=0000000000000000
s42=00000000 s43=00000000 d21=0000000000000000
s44=00000000 s45=00000000 d22=0000000000000000
s46=00000000 s47=00000000 d23=0000000000000000
s48=00000000 s49=00000000 d24=0000000000000000
s50=00000000 s51=00000000 d25=0000000000000000
s52=00000000 s53=00000000 d26=0000000000000000
s54=00000000 s55=00000000 d27=0000000000000000
s56=00000000 s57=00000000 d28=0000000000000000
s58=00000000 s59=00000000 d29=0000000000000000
s60=00000000 s61=00000000 d30=0000000000000000
s62=00000000 s63=00000000 d31=0000000000000000
FPSCR: 00000000